I think that log entry is beyond my abilities at the moment. Do you
happen to know what the 155451 means? And what type of device is this
for?

On Tue, Aug 3, 2010 at 5:37 AM, Muraleedaran Kanapathy
<[email protected]> wrote:
> Hi Dan
>
> Thanks for the support. Yes, it worked after disabling IP and the hostname.
>
> I am copying the solution below, which I used with syslog-ng and ossec
> running on the same server at the same time to get the pix alerts.
>
> NOTE: I did not enable the syslog on ossec; the OSSEC reads the syslog-ng
> files.
>
> Step 1: vi syslog-ng and create the templates as follows:
>
> template t_pix { template("$S_STAMP $MSG\n"); };
> destination df_cisco_firewall { file("/var/log/cisco/firewall.log" template(t_pix)); };
>
>
> The above config will disable the HOSTNAME and the IP, and will write only the
> source timestamp and the message.
>
>
>
> Also, can you help me to sort out the cisco log messages? The logs are written
> as follows, but ossec does not understand them:
>
> Aug  3 12:29:18 1.1.1.1 155451: *Aug  3 02:44:50.072: %C4K_HWPORTMAN-4-BLOCKEDTXQUEUE: Blocked transmit queue HwTxQId3 on Switch Phyport Gi2/3, count=5505742
>
>
>
> Best regards,
> Muraleedaran Kanapathy| Linux/Unix System  Engineer -  ISS Department
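
Added example, not part of the original thread: a Python parser for the switch log line quoted above, assuming the standard Cisco IOS syslog layout (optional message sequence number, optional `*`/`.` clock marker, then `%FACILITY-SEVERITY-MNEMONIC: text`). It accepts the line with or without the host field that the `t_pix` template removes; the field names and sample constants are chosen for illustration.

```python
import re

# Constructed samples: the line from the post, and the same line as the
# t_pix template ("$S_STAMP $MSG\n") would write it, without the host field.
SAMPLE_WITH_HOST = (
    "Aug  3 12:29:18 1.1.1.1 155451: *Aug  3 02:44:50.072: "
    "%C4K_HWPORTMAN-4-BLOCKEDTXQUEUE: Blocked transmit queue HwTxQId3 "
    "on Switch Phyport Gi2/3, count=5505742")
SAMPLE_NO_HOST = SAMPLE_WITH_HOST.replace(" 1.1.1.1", "", 1)

# Syslog severity names, indexed by the digit inside %FACILITY-N-MNEMONIC.
SEVERITY = ["emergency", "alert", "critical", "error",
            "warning", "notice", "informational", "debug"]

TS = r"[A-Z][a-z]{2}\s+\d{1,2} \d{2}:\d{2}:\d{2}"
LINE = re.compile(
    rf"^(?P<received>{TS}) "            # timestamp written by syslog-ng
    r"(?:(?P<host>[^\s:]+) )?"          # absent when the template drops it
    r"(?:(?P<seq>\d+): )?"              # assumption: IOS message sequence number
    rf"(?P<clock>[*.])?(?P<device_time>{TS}(?:\.\d+)?)(?: [A-Z]+)?: "
    r"%(?P<facility>[A-Z0-9_]+)-(?P<sev>[0-7])-(?P<mnemonic>[A-Z0-9_]+): "
    r"(?P<text>.*)$")

def parse_ios_line(line):
    """Return a dict of fields, or None if the line is not in this layout."""
    m = LINE.match(line.strip())
    if m is None:
        return None
    rec = m.groupdict()
    rec["seq"] = int(rec["seq"]) if rec["seq"] else None
    rec["sev"] = int(rec["sev"])
    rec["severity"] = SEVERITY[rec["sev"]]
    # Assumption (IOS convention): a leading '*' or '.' on the device
    # timestamp marks a clock that is not currently synchronized.
    rec["clock_synced"] = rec.pop("clock") is None
    return rec

if __name__ == "__main__":
    for sample in (SAMPLE_WITH_HOST, SAMPLE_NO_HOST):
        print(parse_ios_line(sample))
```
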
